ronin-app 0.1.0.rc1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (163) hide show
  1. checksums.yaml +7 -0
  2. data/.dockerignore +3 -0
  3. data/.document +6 -0
  4. data/.env.dev +1 -0
  5. data/.github/workflows/ruby.yml +44 -0
  6. data/.gitignore +16 -0
  7. data/.rspec +1 -0
  8. data/.rubocop.yml +26 -0
  9. data/.ruby-version +1 -0
  10. data/.yardopts +1 -0
  11. data/CONTRIBUTING.md +34 -0
  12. data/COPYING.txt +661 -0
  13. data/ChangeLog.md +38 -0
  14. data/Dockerfile +27 -0
  15. data/Gemfile +61 -0
  16. data/Procfile +2 -0
  17. data/Procfile.dev +2 -0
  18. data/README.md +215 -0
  19. data/Rakefile +44 -0
  20. data/app/db.rb +680 -0
  21. data/app/scanning.rb +173 -0
  22. data/app.rb +372 -0
  23. data/bin/ronin-app +34 -0
  24. data/config/database.rb +17 -0
  25. data/config/puma.rb +24 -0
  26. data/config/redis.rb +4 -0
  27. data/config/sidekiq.rb +23 -0
  28. data/config/sidekiq.yml +12 -0
  29. data/config.ru +33 -0
  30. data/docker-compose.yml +45 -0
  31. data/etc/systemd/user/ronin-app-sidekiq.1.service +17 -0
  32. data/etc/systemd/user/ronin-app-web.1.service +18 -0
  33. data/etc/systemd/user/ronin-app.target +5 -0
  34. data/gemspec.yml +55 -0
  35. data/lib/middleware/sidekiq/active_record_connection_pool.rb +47 -0
  36. data/lib/ronin/app/cli.rb +197 -0
  37. data/lib/ronin/app/helpers/html.rb +71 -0
  38. data/lib/ronin/app/root.rb +28 -0
  39. data/lib/ronin/app/schemas/params_schema.rb +66 -0
  40. data/lib/ronin/app/schemas/payloads/build_schema.rb +56 -0
  41. data/lib/ronin/app/schemas/payloads/encoders/encode_schema.rb +60 -0
  42. data/lib/ronin/app/types/import.rb +35 -0
  43. data/lib/ronin/app/types/nmap.rb +81 -0
  44. data/lib/ronin/app/types/spider.rb +49 -0
  45. data/lib/ronin/app/types/vulns.rb +69 -0
  46. data/lib/ronin/app/types.rb +66 -0
  47. data/lib/ronin/app/validations/import_params.rb +71 -0
  48. data/lib/ronin/app/validations/install_repo_params.rb +78 -0
  49. data/lib/ronin/app/validations/masscan_params.rb +122 -0
  50. data/lib/ronin/app/validations/nmap_params.rb +183 -0
  51. data/lib/ronin/app/validations/recon_params.rb +86 -0
  52. data/lib/ronin/app/validations/spider_params.rb +103 -0
  53. data/lib/ronin/app/validations/vulns_params.rb +83 -0
  54. data/lib/ronin/app/version.rb +26 -0
  55. data/log/.gitkeep +0 -0
  56. data/man/ronin-app.1 +63 -0
  57. data/man/ronin-app.1.md +61 -0
  58. data/public/images/favicon.png +0 -0
  59. data/public/images/favicon.svg +78 -0
  60. data/public/images/logo.svg +78 -0
  61. data/public/images/sidekiq.svg +24 -0
  62. data/public/javascript/app.js +60 -0
  63. data/public/javascript/notes.js +28 -0
  64. data/public/javascript/tabs.js +40 -0
  65. data/public/stylesheets/app.css +216 -0
  66. data/public/stylesheets/bulma.min.css +1 -0
  67. data/ronin-app.gemspec +63 -0
  68. data/scripts/console +7 -0
  69. data/scripts/server +134 -0
  70. data/scripts/setup +447 -0
  71. data/scripts/update +55 -0
  72. data/tmp/.gitkeep +0 -0
  73. data/views/_authors.erb +62 -0
  74. data/views/_delete.erb +4 -0
  75. data/views/_delete_all.erb +4 -0
  76. data/views/_encoding_tabs.erb +25 -0
  77. data/views/_notes.erb +33 -0
  78. data/views/_pagination.erb +1 -0
  79. data/views/_param_fields.erb +66 -0
  80. data/views/_params.erb +35 -0
  81. data/views/about.erb +30 -0
  82. data/views/db/advisories/index.erb +30 -0
  83. data/views/db/advisories/show.erb +105 -0
  84. data/views/db/asns/index.erb +19 -0
  85. data/views/db/asns/show.erb +61 -0
  86. data/views/db/credentials/index.erb +30 -0
  87. data/views/db/credentials/show.erb +51 -0
  88. data/views/db/email_addresses/index.erb +30 -0
  89. data/views/db/email_addresses/show.erb +44 -0
  90. data/views/db/host_names/index.erb +30 -0
  91. data/views/db/host_names/show.erb +52 -0
  92. data/views/db/ip_addresses/index.erb +19 -0
  93. data/views/db/ip_addresses/show.erb +98 -0
  94. data/views/db/mac_addresses/index.erb +19 -0
  95. data/views/db/mac_addresses/show.erb +62 -0
  96. data/views/db/open_ports/index.erb +19 -0
  97. data/views/db/open_ports/show.erb +87 -0
  98. data/views/db/organizations/departments/show.erb +82 -0
  99. data/views/db/organizations/index.erb +28 -0
  100. data/views/db/organizations/members/show.erb +87 -0
  101. data/views/db/organizations/show.erb +111 -0
  102. data/views/db/oses/index.erb +19 -0
  103. data/views/db/oses/show.erb +46 -0
  104. data/views/db/passwords/index.erb +30 -0
  105. data/views/db/passwords/show.erb +52 -0
  106. data/views/db/people/index.erb +31 -0
  107. data/views/db/people/show.erb +120 -0
  108. data/views/db/phone_numbers/index.erb +30 -0
  109. data/views/db/phone_numbers/show.erb +63 -0
  110. data/views/db/ports/index.erb +30 -0
  111. data/views/db/ports/show.erb +70 -0
  112. data/views/db/services/index.erb +30 -0
  113. data/views/db/services/show.erb +65 -0
  114. data/views/db/software/index.erb +19 -0
  115. data/views/db/software/show.erb +52 -0
  116. data/views/db/software_vendors/index.erb +19 -0
  117. data/views/db/software_vendors/show.erb +36 -0
  118. data/views/db/street_addresses/index.erb +19 -0
  119. data/views/db/street_addresses/show.erb +63 -0
  120. data/views/db/url_query_param_names/index.erb +19 -0
  121. data/views/db/url_query_param_names/show.erb +50 -0
  122. data/views/db/url_schemes/index.erb +19 -0
  123. data/views/db/url_schemes/show.erb +36 -0
  124. data/views/db/urls/index.erb +30 -0
  125. data/views/db/urls/show.erb +103 -0
  126. data/views/db/user_names/index.erb +30 -0
  127. data/views/db/user_names/show.erb +48 -0
  128. data/views/db/vulns/index.erb +19 -0
  129. data/views/db/vulns/show.erb +104 -0
  130. data/views/db.erb +152 -0
  131. data/views/exploits/index.erb +9 -0
  132. data/views/exploits/show.erb +100 -0
  133. data/views/import.erb +30 -0
  134. data/views/index.erb +7 -0
  135. data/views/layout.erb +98 -0
  136. data/views/masscan.erb +459 -0
  137. data/views/nmap.erb +1009 -0
  138. data/views/payloads/build.erb +19 -0
  139. data/views/payloads/encoders/encode.erb +35 -0
  140. data/views/payloads/encoders/index.erb +9 -0
  141. data/views/payloads/encoders/show.erb +47 -0
  142. data/views/payloads/index.erb +9 -0
  143. data/views/payloads/show.erb +47 -0
  144. data/views/queue.erb +28 -0
  145. data/views/recon.erb +55 -0
  146. data/views/repos/index.erb +30 -0
  147. data/views/repos/install.erb +45 -0
  148. data/views/repos/show.erb +39 -0
  149. data/views/spider.erb +372 -0
  150. data/views/vulns.erb +214 -0
  151. data/workers/import.rb +96 -0
  152. data/workers/install_repo.rb +40 -0
  153. data/workers/masscan.rb +135 -0
  154. data/workers/nmap.rb +216 -0
  155. data/workers/purge_repos.rb +40 -0
  156. data/workers/recon.rb +95 -0
  157. data/workers/remove_repo.rb +40 -0
  158. data/workers/spider.rb +148 -0
  159. data/workers/update_repo.rb +42 -0
  160. data/workers/update_repos.rb +40 -0
  161. data/workers/vulns.rb +111 -0
  162. data/workers.rb +37 -0
  163. metadata +538 -0
data/views/payloads/build.erb ADDED
@@ -0,0 +1,19 @@
1
+ <script type="text/javascript" src="/javascript/tabs.js"></script>
2
+
3
+ <h1>Build Payload: <%=h @payload.class.id %></h1>
4
+
5
+ <form method="post">
6
+ <% unless @payload.class.params.empty? %>
7
+ <%= partial :param_fields, object: @payload %>
8
+ <% end %>
9
+
10
+ <div class="field">
11
+ <button type="submit" class="button is-primary">Build</button>
12
+ </div>
13
+ </form>
14
+
15
+ <% if @built_payload %>
16
+ <h2>Built Payload</h2>
17
+
18
+ <%= partial :encoding_tabs, string: @built_payload %>
19
+ <% end %>
data/views/payloads/encoders/encode.erb ADDED
@@ -0,0 +1,35 @@
1
+ <script type="text/javascript" src="/javascript/tabs.js"></script>
2
+
3
+ <h1>Encode Payload: <%=h @encoder.class.id %></h1>
4
+
5
+ <form method="post">
6
+ <div class="field">
7
+ <label class="label">Data</label>
8
+
9
+ <div class="control">
10
+ <% if @errors && @errors[:data] %>
11
+ <input class="input is-danger" type="text" name="data" value="<%=hattr params[:data] %>">
12
+
13
+ <% @errors[:data].each do |error| %>
14
+ <p class="help is-danger"><%=h error %></p>
15
+ <% end %>
16
+ <% else %>
17
+ <input class="input" type="text" name="data" placeholder="data to encode" value="<%=hattr params[:data] %>">
18
+ <% end %>
19
+ </div>
20
+ </div>
21
+
22
+ <% unless @encoder.class.params.empty? %>
23
+ <%= partial :param_fields, object: @encoder %>
24
+ <% end %>
25
+
26
+ <div class="field">
27
+ <button type="submit" class="button is-primary">Encode</button>
28
+ </div>
29
+ </form>
30
+
31
+ <% if @encoded_data %>
32
+ <h2>Encoded Data</h2>
33
+
34
+ <%= partial :encoding_tabs, string: @encoded_data %>
35
+ <% end %>
data/views/payloads/encoders/index.erb ADDED
@@ -0,0 +1,9 @@
1
+ <h1>Payload Encoders</h1>
2
+
3
+ <% @payload_encoders.each do |encoder_id| %>
4
+ <p>
5
+ <a href="/payloads/encoders/<%=hattr encoder_id %>">
6
+ <%=h encoder_id %>
7
+ </a>
8
+ </p>
9
+ <% end %>
data/views/payloads/encoders/show.erb ADDED
@@ -0,0 +1,47 @@
1
+ <h1>Payload Encoder: <%=h @encoder.id %></h1>
2
+
3
+ <table class="table">
4
+ <tbody>
5
+ <tr>
6
+ <td><strong>Name:</strong></td>
7
+ <td>
8
+ <kbd><%=h @encoder.id %></kbd>
9
+ </td>
10
+ </tr>
11
+
12
+ <tr>
13
+ <td><strong>Authors:</strong></td>
14
+ <td>
15
+ <%= partial(:authors, authors: @encoder.authors) %>
16
+ </td>
17
+ </tr>
18
+
19
+ <tr>
20
+ <td><strong>Summary:</strong></td>
21
+ <td><%=h @encoder.summary %></td>
22
+ </tr>
23
+
24
+ <tr>
25
+ <td><strong>Description:</strong></td>
26
+ <td>
27
+ <pre><%=h @encoder.description %></pre>
28
+ </td>
29
+ </tr>
30
+
31
+ <tr>
32
+ <td><strong>References:</strong></td>
33
+ <td>
34
+ <% @encoder.references.each do |reference| %>
35
+ <p><a href="<%=h reference %>"><%=h reference %></a></p>
36
+ <% end %>
37
+ </td>
38
+ </tr>
39
+
40
+ <tr>
41
+ <td><strong>Params:</strong></td>
42
+ <td>
43
+ <%= partial(:params, params: @encoder.params) %>
44
+ </td>
45
+ </tr>
46
+ </tbody>
47
+ </table>
data/views/payloads/index.erb ADDED
@@ -0,0 +1,9 @@
1
+ <h1>Payloads</h1>
2
+
3
+ <% @payloads.each do |payload_id| %>
4
+ <p>
5
+ <a href="/payloads/<%=h payload_id %>">
6
+ <%=h payload_id %>
7
+ </a>
8
+ </p>
9
+ <% end %>
data/views/payloads/show.erb ADDED
@@ -0,0 +1,47 @@
1
+ <h1>Payload: <%=h @payload.id %></h1>
2
+
3
+ <table class="table">
4
+ <tbody>
5
+ <tr>
6
+ <td><strong>Name:</strong></td>
7
+ <td>
8
+ <kbd><%=h @payload.id %></kbd>
9
+ </td>
10
+ </tr>
11
+
12
+ <tr>
13
+ <td><strong>Authors:</strong></td>
14
+ <td>
15
+ <%= partial(:authors, authors: @payload.authors) %>
16
+ </td>
17
+ </tr>
18
+
19
+ <tr>
20
+ <td><strong>Summary:</strong></td>
21
+ <td><%=h @payload.summary %></td>
22
+ </tr>
23
+
24
+ <tr>
25
+ <td><strong>Description:</strong></td>
26
+ <td>
27
+ <pre><%=h @payload.description %></pre>
28
+ </td>
29
+ </tr>
30
+
31
+ <tr>
32
+ <td><strong>References:</strong></td>
33
+ <td>
34
+ <% @payload.references.each do |reference| %>
35
+ <p><a href="<%=h reference %>"><%=h reference %></a></p>
36
+ <% end %>
37
+ </td>
38
+ </tr>
39
+
40
+ <tr>
41
+ <td><strong>Params:</strong></td>
42
+ <td>
43
+ <%= partial(:params, params: @payload.params) %>
44
+ </td>
45
+ </tr>
46
+ </tbody>
47
+ </table>
data/views/queue.erb ADDED
@@ -0,0 +1,28 @@
1
+ <h1>Currently running jobs</h1>
2
+
3
+ <% @workers.each do |worker| %>
4
+ <div class="box">
5
+ <div>
6
+ <div>
7
+ <h2 class="my-0"><%= worker[:class] %></h2>
8
+ <p class="mb-0"><strong>QUEUE:</strong> <%= worker[:queue] %></p>
9
+
10
+ <p>
11
+ <strong>ARGUMENTS:</strong>
12
+ <% worker[:args].each do |arg| %>
13
+ <% arg.each do |key, value| %>
14
+ <strong><%= key %></strong>: <kbd><%= value %></kbd>
15
+ <% end %>
16
+ <% end %>
17
+ </p>
18
+
19
+ <hr>
20
+ <div class="columns">
21
+ <div class="column is-one-third py-0"><strong>Created at:</strong> <%= worker[:created_at] %></div>
22
+ <div class="column is-one-third py-0"><strong>Enqueued at:</strong> <%= worker[:enqueued_at] %></div>
23
+ <div class="column is-one-third py-0"><strong>Run at:</strong> <%= worker[:run_at] %></div>
24
+ </div>
25
+ </div>
26
+ </div>
27
+ </div>
28
+ <% end %>
data/views/recon.erb ADDED
@@ -0,0 +1,55 @@
1
+ <h1>Recon</h1>
2
+
3
+ <form id="recon" action="/recon" method="post">
4
+ <div class="field">
5
+ <label class="label is-required">Scope</label>
6
+
7
+ <div class="control">
8
+ <% if @errors && @errors[:scope] %>
9
+ <textarea class="textarea is-danger" name="scope" required><%=h params[:scope] %></textarea>
10
+
11
+ <% @errors[:scope].each do |error| %>
12
+ <p class="help is-danger"><%=h error %></p>
13
+ <% end %>
14
+ <% else %>
15
+ <textarea class="textarea" name="scope" placeholder="example.com, www.example.com, *.example.com, 192.168.1.1, 192.168.1.0/24, https://example.com, ..." required><%=h params[:scope] %></textarea>
16
+ <% end %>
17
+ </div>
18
+ </div>
19
+
20
+ <div class="field">
21
+ <label class="label">Ignore</label>
22
+
23
+ <div class="control">
24
+ <% if @errors && @errors[:ignore] %>
25
+ <textarea class="textarea is-danger" name="ignore"><%=h params[:ignore] %></textarea>
26
+
27
+ <% @errors[:ignore].each do |error| %>
28
+ <p class="help is-danger"><%=h error %></p>
29
+ <% end %>
30
+ <% else %>
31
+ <textarea class="textarea" name="ignore" placeholder="example.com, www.example.com, *.example.com, 192.168.1.1, 192.168.1.0/24, https://example.com, ..."><%=h params[:ignore] %></textarea>
32
+ <% end %>
33
+ </div>
34
+ </div>
35
+
36
+ <div class="field">
37
+ <button type="submit" class="button is-primary">Recon</button>
38
+ </div>
39
+
40
+ <div class="field">
41
+ <label class="label">Max Depth</label>
42
+
43
+ <div class="control">
44
+ <% if @errors && @errors[:max_depth] %>
45
+ <input class="input is-danger" type="text" name="max_depth" value="<%=hattr params[:max_depth] %>">
46
+
47
+ <% @errors[:max_depth].each do |error| %>
48
+ <p class="help is-danger"><%=h error %></p>
49
+ <% end %>
50
+ <% else %>
51
+ <input class="input" type="text" name="max_depth" placeholder="3" value="<%=hattr params[:max_depth] %>">
52
+ <% end %>
53
+ </div>
54
+ </div>
55
+ </form>
data/views/repos/index.erb ADDED
@@ -0,0 +1,30 @@
1
+ <h1>Repositories</h1>
2
+
3
+ <% @repos.each do |repo| %>
4
+ <p>
5
+ <a href="/repos/<%=h repo.name %>">
6
+ <%=h repo.name %>
7
+ </a>
8
+ </p>
9
+ <% end %>
10
+
11
+ <div class="field is-grouped">
12
+ <div class="control">
13
+ <a href="/repos/install">
14
+ <button class="button is-primary">Install</button>
15
+ </a>
16
+ </div>
17
+
18
+ <div class="control">
19
+ <form action="/repos/update" method="POST">
20
+ <button type="submit" class="button is-primary">Update</button>
21
+ </form>
22
+ </div>
23
+
24
+ <div class="control">
25
+ <form action="/repos" method="POST">
26
+ <input type="hidden" name="_method" value="DELETE">
27
+ <button type="submit" class="button is-danger">Purge</button>
28
+ </form>
29
+ </div>
30
+ </div>
data/views/repos/install.erb ADDED
@@ -0,0 +1,45 @@
1
+ <h1>nmap</h1>
2
+
3
+ <form action="/repos/install" method="post">
4
+ <div class="field">
5
+ <label class="label is-required">URI</label>
6
+
7
+ <div class="control">
8
+ <% if @errors && @errors[:uri] %>
9
+ <input class="input is-danger" type="text" name="uri" placeholder="https://example.com/path/to/repo.git OR git@example.com:path/to/repo.git" value="<%=hattr params[:uri] %>">
10
+
11
+ <% @errors[:uri].each do |error| %>
12
+ <p class="help is-danger"><%=h error %></p>
13
+ <% end %>
14
+ <% else %>
15
+ <input class="input" type="text" name="uri" placeholder="https://example.com/path/to/repo.git OR git@example.com:path/to/repo.git" value="<%=hattr params[:uri] %>">
16
+ <% end %>
17
+ </div>
18
+ </div>
19
+
20
+ <div class="advanced">
21
+ <a class="advanced-toggle">Advanced Options</a>
22
+
23
+ <div class="advanced-content">
24
+ <div class="field">
25
+ <label class="label">Name</label>
26
+
27
+ <div class="control">
28
+ <% if @errors && @errors[:name] %>
29
+ <input class="input is-danger" type="text" name="name" placeholder="foo-bar" value="<%=hattr params[:name] %>">
30
+
31
+ <% @errors[:name].each do |error| %>
32
+ <p class="help is-danger"><%=h error %></p>
33
+ <% end %>
34
+ <% else %>
35
+ <input class="input" type="text" name="name" placeholder="foo-bar" value="<%=hattr params[:name] %>">
36
+ <% end %>
37
+ </div>
38
+ </div>
39
+ </div>
40
+ </div>
41
+
42
+ <div class="field">
43
+ <button type="submit" class="button is-primary">Install</button>
44
+ </div>
45
+ </form>
data/views/repos/show.erb ADDED
@@ -0,0 +1,39 @@
1
+ <h1>Repository: <%=h @repo.name %></h1>
2
+
3
+ <table class="table">
4
+ <tbody>
5
+ <tr>
6
+ <td><strong>Name:</strong></td>
7
+ <td><%=h @repo.name %></td>
8
+ </tr>
9
+
10
+ <tr>
11
+ <td><strong>URL:</strong></td>
12
+ <td><%=h @repo.url %></td>
13
+ </tr>
14
+
15
+ <tr>
16
+ <td><strong>Files:</strong></td>
17
+ <td>
18
+ <% @repo.list_files.each do |file| %>
19
+ <p><%=h file %></p>
20
+ <% end %>
21
+ </td>
22
+ </tr>
23
+ </tbody>
24
+ </table>
25
+
26
+ <div class="field is-grouped">
27
+ <div class="control">
28
+ <form action="/repos/<%=hattr @repo.name %>/update" method="POST">
29
+ <button type="submit" class="button is-primary">Update</button>
30
+ </form>
31
+ </div>
32
+
33
+ <div class="control">
34
+ <form action="/repos/<%=hattr @repo.name %>" method="POST">
35
+ <input type="hidden" name="_method" value="DELETE">
36
+ <button type="submit" class="button is-danger">Remove</button>
37
+ </form>
38
+ </div>
39
+ </div>